Mac OS X Lion — Changing SSHD port

I love Apple. I’m not some wacky Apple-or-Die lunatic but I have been using OS X as my primary home operating system for quite a while now. Windows, Unix and Linux each have their own strengths and weaknesses and I use all of them. But for my everyday computing needs, OS X just works. It’s stable, it looks unbelievable and the UI advancements, especially around input gestures in Lion, are way ahead of anyone else. It’s not always peaches and cream however. Apple having to do everything their own special Apple way can make usually simple tasks such as changing your default sshd port a bit of a pain in the ass. I was reminded of this during my recent upgrade to Lion.

In your traditional *nix OS you can simply edit one file in your /etc or /etc/ssh directory, generally called sshd_config or something similar, and change your sshd port. Simply bust out your trusty text editor and change the line “Port 22” to list whatever port you wish to use, save the file and restart sshd. Sshd will now be running on the port of your choosing.

Does OS X have a /etc/sshd_config file? Absolutely! Can you change the “Port 22” line using your trusty text editor? Absolutely! Will this change the sshd port on your system once you restart sshd? Absolutely NOT!

There are plenty of older posts around on this topic but too bad, you’re getting mine anyway. I need the writing practice and my recent Lion upgrade screwed me over by overwriting my sshd config files forcing me to dig up this solution again.

The first thing you’ll need to do to change the sshd port in OS X is create a “service definition” in the /etc/services file. To do this, edit /etc/services and add the lines:

SuperSecretSSH     12345/udp
SuperSecretSSH     12345/tcp

This will create the service definition for your very own special sshd configuration. (Wait What?! — You don’t even see the /etc/services file? That’s right, OS X Lion will hide this file. Check out this handy post for temporarily making these files visible: http://www.mikesel.info/show-hidden-files-mac-os-x-10-7-lion/ )

Now that you have your service defined in /etc/services there is just one more file to modify, /System/Library/LaunchDaemons/ssh.plist. This lovely little file tells launchd what services to launch. On OS X it is launchd, not sshd, that opens the listening socket, which is why the “Port” line in sshd_config has no effect. Search the file for SockServiceName and change it from this:

<key>SockServiceName</key>
<string>ssh</string>

To this:

<key>SockServiceName</key>
<string>SuperSecretSSH</string>

Once you have made these changes, reboot and your sshd service should be running on your super secret port of 12345. May your logs never fill with unnecessary automated login attempts from the internet again.
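
To confirm the result, for instance after an upgrade has overwritten these files again, the following shell script works out which TCP port launchd will bind for sshd from the two files edited above. It is an added example, not part of the original post; the function names are made up for illustration, the sample files are constructed, and it assumes ssh.plist is in XML text form.

```shell
#!/bin/sh
# Added example: which TCP port will launchd bind for sshd?
# Works on copies of the files; assumes ssh.plist is in XML (text) form.

# Print the <string> value that follows <key>SockServiceName</key> in plist $1.
sock_service_name() {
    awk '/<key>SockServiceName<\/key>/ { want = 1 }
         want && /<string>/ {
             sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
         }' "$1"
}

# Print the port of service $1 for protocol $2 in services file $3.
service_port() {
    awk -v name="$1" -v proto="$2" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == name { split($2, pp, "/")
                     if (pp[2] == proto) { print pp[1]; exit } }' "$3"
}

# Numeric SockServiceName values are used as-is (assumption: they resolve
# to themselves); names must have a tcp entry in the services file.
resolve_sshd_port() {
    name=$(sock_service_name "$1")
    [ -n "$name" ] || { echo "no SockServiceName in $1" >&2; return 2; }
    case $name in
        *[!0-9]*) port=$(service_port "$name" tcp "$2") ;;
        *)        port=$name ;;
    esac
    [ -n "$port" ] || { echo "'$name' has no tcp entry in $2" >&2; return 3; }
    echo "$port"
}

# Constructed sample files (not real system files) so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'ssh  22/udp  # SSH' 'ssh  22/tcp  # SSH' \
    'SuperSecretSSH     12345/udp' 'SuperSecretSSH     12345/tcp' \
    > "$SAMPLE_DIR/services"
printf '%s\n' '<dict>' '<key>Sockets</key><dict><key>Listeners</key><dict>' \
    '<key>SockServiceName</key>' '<string>SuperSecretSSH</string>' \
    '</dict></dict></dict>' > "$SAMPLE_DIR/ssh.plist"

echo "sshd will listen on tcp/$(resolve_sshd_port "$SAMPLE_DIR/ssh.plist" "$SAMPLE_DIR/services")"
```

On a real system, pass /System/Library/LaunchDaemons/ssh.plist and /etc/services to resolve_sshd_port; a non-zero exit means the plist names a service that /etc/services does not define for tcp.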

For slightly more technical details please check out the original post from waaaaay back in ’05, courtesy of MacWorld.